Merge pull request #3304 from openziti/update-deps-and-wf

Update deps and wf

Author: plorenz

.github/dependabot.yml

@@ -1,67 +1,69 @@
 version: 2
 updates:
 - package-ecosystem: gomod
-  directory: "/"
+  directory: /
   schedule:
     interval: daily
   open-pull-requests-limit: 10
   groups:
     openziti:
       applies-to: version-updates
       update-types:
-        - "minor"
-        - "patch"
+        - minor
+        - patch
       patterns:
         - "*openziti*"
 
     third-party:
       applies-to: version-updates
       update-types:
-        - "minor"
-        - "patch"
+        - minor
+        - patch
       exclude-patterns:
         - "*openziti*"
         - "*rabbitmq*"
         - "*blackfriday*"
         - "*zitadel*"
 
 - package-ecosystem: github-actions
-  directory: "/"
+  directory: /
   schedule:
     interval: weekly
   open-pull-requests-limit: 10
   groups:
     all:
       applies-to: version-updates
       update-types:
-        - "major"
-        - "minor"
-        - "patch"
+        - major
+        - minor
+        - patch
 
 # bump the console SPA version that is built in to the controller image
 - package-ecosystem: docker
-  directory: "/dist/docker-images/ziti-controller"
+  directory: /dist/docker-images/ziti-controller
   schedule:
     interval: weekly
   open-pull-requests-limit: 10
   groups:
     all:
       applies-to: version-updates
       update-types:
-        - "major"
-        - "minor"
-        - "patch"
+        - major
+        - minor
+        - patch
 
 # bump the kubectl version in the cli image
 - package-ecosystem: docker
-  directory: "/dist/docker-images/ziti-cli"
+  directory: /dist/docker-images/ziti-cli
   schedule:
     interval: weekly
   open-pull-requests-limit: 10
+  allow:
+    - dependency-name: portainer/kubectl-shell
   groups:
     all:
       applies-to: version-updates
       update-types:
-        - "major"
-        - "minor"
-        - "patch"
+        - major
+        - minor
+        - patch

CHANGELOG.md

@@ -1,3 +1,22 @@
+# Release 1.5.7
+
+## What's New
+
+* Additional library updates to resolve CVEs in dependencies
+* GitHub Actions release workflow fix
+
+## Component Updates and Bug Fixes
+
+* github.com/openziti/foundation/v2: [v2.0.59 -> v2.0.77](https://github.com/openziti/foundation/compare/v2.0.59...v2.0.77)
+    * [Issue #455](https://github.com/openziti/foundation/issues/455) - Correctly close goroutine pool when external close is signaled
+    * [Issue #452](https://github.com/openziti/foundation/issues/452) - Goroutine pool with a min worker count of 1 can drop to 0 workers due to race condition
+    * [Issue #443](https://github.com/openziti/foundation/issues/443) - Allow injecting custom method into go-routine pools, to allow identifying them in stack dumps
+
+* github.com/openziti/runzmd: [v1.0.67 -> v1.0.83](https://github.com/openziti/runzmd/compare/v1.0.67...v1.0.83)
+* github.com/openziti/go-term-markdown: v1.0.1 (new)
+* github.com/openziti/ziti: [v1.5.6 -> v1.5.7](https://github.com/openziti/ziti/compare/v1.5.6...v1.5.7)
+    * [Issue #3291](https://github.com/openziti/ziti/issues/3291) - replace decommissioned bitnami/kubectl
+
 # Release 1.5.6
 
 ## What's New

dist/docker-images/ziti-cli/Dockerfile

@@ -2,21 +2,18 @@
 
 # get kubectl CLI from a source with Docker Content Trust (DCT)
 # FIXME: require DCT at build time
-FROM bitnami/kubectl:1.32 AS bitnami-kubectl
-
-# FIXME: This repo requires terms acceptance and is only available on registry.redhat.io.
-# FROM registry.access.redhat.com/openshift4/ose-cli AS openshift-cli  
+FROM portainer/kubectl-shell:2.34.0 AS portainer-kubectl
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 # This build stage grabs artifacts that are copied into the final image.
 # It uses the same base as the final image to maximize docker cache hits.
 
 ARG ARTIFACTS_DIR=./release
 ARG DOCKER_BUILD_DIR=./dist/docker-images/ziti-cli
-# e.g. linux
-ARG TARGETOS
 # e.g. arm64
 ARG TARGETARCH
+# e.g. linux
+ARG TARGETOS
 
 ARG ZUID=2171
 ARG ZGID=2171
@@ -43,7 +40,7 @@ RUN   INSTALL_PKGS="python3.11 python3.11-pip tar bash-completion vim-minimal le
 # COPY --from=openshift-cli  /path/to/oc /usr/local/bin/oc
 
 ### install Kubernetes CLI
-COPY --from=bitnami-kubectl /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/
+COPY --from=portainer-kubectl /usr/local/bin/kubectl /usr/local/bin/
 
 ### add license in the path prescribed by OpenShift
 RUN mkdir -p -m0755 /licenses

go.mod

@@ -54,11 +54,11 @@ require (
 	github.com/openziti/channel/v3 v3.0.39
 	github.com/openziti/cobra-to-md v1.0.1
 	github.com/openziti/edge-api v0.26.42
-	github.com/openziti/foundation/v2 v2.0.59
+	github.com/openziti/foundation/v2 v2.0.77
 	github.com/openziti/identity v1.0.100
 	github.com/openziti/jwks v1.0.6
 	github.com/openziti/metrics v1.3.0
-	github.com/openziti/runzmd v1.0.67
+	github.com/openziti/runzmd v1.0.83
 	github.com/openziti/sdk-golang v0.25.1
 	github.com/openziti/secretstream v0.1.32
 	github.com/openziti/storage v0.4.7
@@ -77,7 +77,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	github.com/spf13/viper v1.20.0
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.1
 	github.com/teris-io/shortid v0.0.0-20201117134242-e59966efd125
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/zitadel/oidc/v2 v2.12.2
@@ -100,7 +100,6 @@ require (
 )
 
 require (
-	github.com/MichaelMure/go-term-markdown v0.1.4 // indirect
 	github.com/MichaelMure/go-term-text v0.3.1 // indirect
 	github.com/alecthomas/chroma v0.10.0 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
@@ -111,13 +110,12 @@ require (
 	github.com/biogo/store v0.0.0-20200525035639-8c94ae1e7c9c // indirect
 	github.com/boltdb/bolt v1.3.1 // indirect
 	github.com/c-bata/go-prompt v0.2.6 // indirect
+	github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/creack/pty v1.1.11 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/disintegration/imaging v1.6.2 // indirect
-	github.com/dlclark/regexp2 v1.10.0 // indirect
+	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/eliukblau/pixterm/pkg/ansimage v0.0.0-20191210081756-9fb6cf8c2f75 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.1 // indirect
@@ -142,13 +140,12 @@ require (
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kr/pty v1.1.8 // indirect
-	github.com/kyokomi/emoji/v2 v2.2.12 // indirect
-	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/kyokomi/emoji/v2 v2.2.13 // indirect
 	github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
 	github.com/mattn/go-tty v0.0.3 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
@@ -160,6 +157,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/openziti-incubator/cf v0.0.3 // indirect
 	github.com/openziti/dilithium v0.3.5 // indirect
+	github.com/openziti/go-term-markdown v1.0.1 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pion/dtls/v3 v3.0.5 // indirect
@@ -168,7 +166,6 @@ require (
 	github.com/pkg/term v1.2.0-beta.2 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rodaine/table v1.0.1 // indirect
 	github.com/rs/cors v1.11.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -193,7 +190,6 @@ require (
 	go.opentelemetry.io/otel/metric v1.36.0 // indirect
 	go.opentelemetry.io/otel/trace v1.36.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/image v0.31.0 // indirect
 	golang.org/x/mod v0.28.0 // indirect
 	golang.org/x/term v0.35.0 // indirect
 	golang.org/x/tools v0.37.0 // indirect